
GB/T 43696-2024 PDF English

GB/T 43696-2024: Cybersecurity security technology - Zero trust reference architecture
Status: Valid

---This is an excerpt. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.), auto-downloaded/delivered in 9 seconds, can be purchased online: https://www.ChineseStandard.net/PDF.aspx/GBT43696-2024
GB
NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.030
CCS L 80
Cybersecurity Technology - Zero Trust Reference Architecture
Issued on: APRIL 25, 2024
Implemented on: NOVEMBER 1, 2024
Issued by: State Administration for Market Regulation; Standardization Administration of the People’s Republic of China.

Table of Contents

Foreword
1 Scope
2 Normative References
3 Terms and Definitions
4 Typical Features
5 Reference Architecture
6 Core Components
6.1 Policy Decision Component
6.2 Policy Execution Component
7 Supporting Components
7.1 Task Management Component
7.2 Identity Management Component
7.3 Resource Management Component
7.4 Environment Perception Component
7.5 Cryptographic Service Component
Bibliography

Cybersecurity Technology - Zero Trust Reference Architecture

1 Scope

This document specifies the zero trust reference architecture and describes the subject, resources, core components and supporting components, as well as their correlations. This document is applicable to the planning, design, development, application and evaluation of information systems that adopt the zero trust architecture.

2 Normative References

The contents of the following documents constitute indispensable clauses of this document through the normative references in the text. In terms of references with a specified date, only versions with a specified date are applicable to this document. In terms of references without a specified date, the latest version (including all the modifications) is applicable to this document.

GB/T 25069 Information Security Techniques - Terminology

3 Terms and Definitions

The terms and definitions defined in GB/T 25069 and the following are applicable to this document.

3.1 zero trust
A network security philosophy with resource protection as the core.
NOTE: This philosophy holds that when a subject accesses a resource, regardless of whether the subject and the resource are trustworthy, the trust relationship between the subject and the resource needs to be built from scratch through continuous status perception and dynamic trust evaluation to implement end-to-end secure access control.

3.2 zero trust architecture
Information system architecture established based on zero trust.
NOTE: It includes system components that constitute the architecture, as well as the relations among the components.

3.3 subject
The entity that initiates the access request.

3.4 resource
The object accessible to the subject.

4 Typical Features

The zero trust architecture has the following typical features.

a) Continuous status perception: Continuously collect relevant information on the subject, resources and the environment, and analyze the security situation.
b) Dynamic trust evaluation: In the process of the subject accessing resources, in accordance with the changes in the security situation of the subject, resources and the environment, etc. that are continuously perceived, trust evaluation is continuously performed to maintain or change policy decisions.
c) Minimum authority: In accordance with the task requirements and policy decisions, combined with the time window and the granularity of the accessed resources, the minimum authority is granted to the accessing subject.
d) Encrypted transmission: Adopt cryptographic technology to establish an end-to-end data security channel for the subject to access resources.

5 Reference Architecture

The zero trust reference architecture consists of subject, resources, core components and supporting components, as shown in Figure 1.

6 Core Components

6.1 Policy Decision Component

The policy decision component consists of a policy engine and a policy manager, and its main functions are as follows.

a) Policy engine: responsible for determining the subject’s access rights to resources. Based on the information provided by the security policy and the supporting components, it continuously performs trust evaluation, and makes access control decisions of permission, rejection or revocation.
b) Policy manager: responsible for issuing control commands for the connection between the subject and the resources. Relying on the access control decisions made by the policy engine, it issues a command to the policy execution component to establish, maintain or block the data security channel.

6.2 Policy Execution Component

The policy execution component implements identity authentication and controls the data security channel between the subject and the resources under the management of the policy decision component.

a) Identity authentication: in accordance with the command of the policy decision component, it coordinates with the supporting components to implement identity authentication for the subject.
b) Control of data security channel: in accordance with the command issued by the policy manager, it starts, monitors and terminates the data security channel between the subject and the authorized resources.
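
The decision and command flow of 6.1 and 6.2, sketched as an added Python example that is not part of GB/T 43696-2024. The context fields, the 0.6 trust threshold, the sample session and all function and class names are assumptions made for illustration; the excerpt gives no scoring method.

```python
from dataclasses import dataclass
TRUST_THRESHOLD = 0.6  # assumed cut-off, not a value from the standard

@dataclass
class Context:
    """One snapshot from the supporting components (constructed fields)."""
    authenticated: bool   # identity management
    task_approved: bool   # task management
    device_risk: float    # environment perception: 0.0 clean .. 1.0 compromised
    now: int              # minutes since midnight
    window: tuple         # (start, end) time window granted for the task

def policy_engine(ctx, channel_open):
    """Trust evaluation: returns 'permit', 'reject' or 'revoke'."""
    in_window = ctx.window[0] <= ctx.now < ctx.window[1]
    trusted = (1.0 - ctx.device_risk) >= TRUST_THRESHOLD
    if ctx.authenticated and ctx.task_approved and in_window and trusted:
        return "permit"
    return "revoke" if channel_open else "reject"  # live channel => revocation

def policy_manager(decision, channel_open):
    """Maps the engine's decision to a command for the execution component."""
    if decision == "permit":
        return "maintain" if channel_open else "establish"
    return "block"

class PolicyExecution:
    """Controls one subject-to-resource data security channel."""
    channel_open = False

    def apply(self, command):
        self.channel_open = command in ("establish", "maintain")

def run_session(snapshots):
    """Re-evaluates every snapshot; returns (decision, command) per step."""
    pep, trace = PolicyExecution(), []
    for ctx in snapshots:
        decision = policy_engine(ctx, pep.channel_open)
        command = policy_manager(decision, pep.channel_open)
        pep.apply(command)
        trace.append((decision, command))
    return trace

# Constructed session: unauthenticated attempt, login, steady use, device degrades.
SESSION = [
    Context(False, True, 0.1, 540, (480, 1080)),
    Context(True, True, 0.1, 541, (480, 1080)),
    Context(True, True, 0.2, 600, (480, 1080)),
    Context(True, True, 0.7, 610, (480, 1080)),
]
```

Calling run_session(SESSION) walks the channel through block, establish, maintain and block, which shows why the engine has to be re-run on every new snapshot rather than once at login.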

7 Supporting Components

7.1 Task Management Component

Coordinate the subject’s purpose of access, drive the subject’s task of accessing resources, including task objectives, task responsibilities and task processes, etc., link up entity access rights, and provide associated task lifecycle management services, collaborative services on task and resource access rights, task approval services, task identification services, task audit services and task-related information for the subject, resources, core components and other supporting components, including subject task attribute information, resource task attribute information, task status information, task approval information and task audit information, etc.

7.2 Identity Management Component

Provide entity identity management services, entity identity attribute association services, personal entity identity authentication services, device identity authentication services, entity access rights management services and identity-related information for the subject, resources, core components and other supporting components, including entity identity identification, entity identity information, entity attribute information, entity access rights information, etc.

7.3 Resource Management Component

Provide data resource management services, device resource management services, network resource management services, computing resource management services, application resource management services, resource entity identity authentication services, resource attribute association services, resource business collaborative management services and resource-related information, resource rating and classification information, device configuration information, resource identity information, resource access rights information, resource access context information, etc. for the subject, resources, core components and other supporting components.

Resource management takes resource unit as the smallest unit, and several resource units are combined into the accessed resource. Resource units are associated with the same resource identifier, have unified resource attributes, and implement common security policies.

7.4 Environment Perception Component

During the process of the subject accessing resources, by collecting network traffic, asset information, logs, vulnerability information, user behavior, threat information and other data, the network behavior and user behavior in the process of accessing are analyzed to obtain, understand, trace back, and display the status changes and trends of the subject, resources and access environment for the subject, resources, core components and other supporting components.

7.5 Cryptographic Service Component

Ensure the authenticity of the entity identity of the subject, resources, core components and other supporting components, the confidentiality and integrity of the data, and the non-repudiation of the operation behavior, and provide cryptography-related network and communication security services, equipment and computing security services, application and data security services for the subject, resources, core components and other supporting components.

......

Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.